name: Release

run-name: |
  {{#$}} (inputs.dryrun && 'Dry run')
   || format('Release: {0}', (inputs.version == 'custom' && inputs.custom) || inputs.version) {{/$}}

on:
  workflow_dispatch:
    inputs:
      dryrun:
        description: 'Dry run (no npm publish)'
        required: false
        type: boolean
        default: true
      version:
        description: 'Version component to update (or "custom" to provide exact version)'
        required: true
        type: choice
        options:
          - patch
          - minor
          - major
          - prepatch
          - preminor
          - premajor
          - prerelease
          - custom
      custom:
        description: 'Custom version'
        required: false
        default: ''

jobs:
  setup:
    name: Setup
    runs-on: ubuntu-latest
    permissions:
      contents: write
    outputs:
      dryrun: {{#$}} steps.dryrun.outputs.dryrun {{/$}}
      publish: {{#$}} steps.publish.outputs.publish {{/$}}
      ref: {{#$}} steps.tag.outputs.tag || github.event.repository.default_branch {{/$}}
      tag: {{#$}} steps.tag.outputs.tag || '' {{/$}}
    steps:
      - name: Validate Workflow Inputs
        if: {{#$}} inputs.version == 'custom' && inputs.custom == '' {{/$}}
        shell: bash
        run: |
          echo '::error::No custom version number provided'
          exit 1
      - id: dryrun
        name: Validate Dry Run Event
        if: {{#$}} inputs.dryrun {{/$}}
        shell: bash
        run: echo dryrun=true | tee -a $GITHUB_OUTPUT
      - id: publish
        name: Validate Publish Event
        if: {{#$}} !inputs.dryrun {{/$}}
        shell: bash
        env:
          NPM_TOKEN: {{#$}} secrets.NPM_TOKEN {{/$}}
        run: |
          if [[ -z $NPM_TOKEN ]]; then
            echo "::error::Secret NPM_TOKEN is not defined for this GitHub repo."
            echo "::error::To publish to npm, this action requires:"
            echo "::error:: • an npm access token;"
            echo "::error:: • with Read-Write access to this project's npm packages;"
            echo "::error:: • stored as a repo secret named NPM_TOKEN."
            echo "::error::See https://docs.npmjs.com/about-access-tokens for info about creating npm tokens."
            echo "::error:: 💡 The simplest method is to create a Classic npm token of type Automation."
            echo "::error:: 💡 For greater security, consider using a Granual access token."
            echo "::error::See https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions for info about how to store GitHub repo secrets."
            exit 1
          fi
          echo publish=true | tee -a $GITHUB_OUTPUT
      - name: Checkout Code
        uses: actions/checkout@{{versions.actions.verified.checkout}}
      - name: Setup Neon Environment
        uses: ./.github/actions/setup
        with:
          use-rust: false
      - name: Tag Release
        if: {{#$}} !inputs.dryrun {{/$}}
        id: tag
        shell: bash
        run: |
          git config --global user.name $ACTIONS_USER
          git config --global user.email $ACTIONS_EMAIL
          npm version -m 'v%s' '{{#$}} (inputs.version == 'custom' && inputs.custom) || inputs.version {{/$}}'
          git push --follow-tags
          echo tag=$(git describe --abbrev=0) | tee -a $GITHUB_OUTPUT

  build:
    name: Build
    needs: [setup]
    permissions:
      contents: write
    uses: ./.github/workflows/build.yml
    with:
      ref: {{#$}} needs.setup.outputs.ref {{/$}}
      tag: {{#$}} needs.setup.outputs.tag {{/$}}
      update-version: {{#$}} !!needs.setup.outputs.dryrun {{/$}}
      version: {{#$}} (inputs.version == 'custom' && inputs.custom) || inputs.version {{/$}}
      github-release: {{#$}} !!needs.setup.outputs.publish {{/$}}

  publish:
    name: Publish
    if: {{#$}} needs.setup.outputs.publish {{/$}}
    needs: [setup, build]
    runs-on: ubuntu-latest
    permissions:
      contents: write
    steps:
      - name: Checkout Code
        uses: actions/checkout@{{versions.actions.verified.checkout}}
        with:
          ref: {{#$}} needs.setup.outputs.ref {{/$}}
      - name: Setup Neon Environment
        uses: ./.github/actions/setup
        with:
          use-rust: false
      - name: Fetch
        uses: robinraju/release-downloader@{{versions.actions.unverified.releaseDownloader.sha}} # {{versions.actions.unverified.releaseDownloader.tag}}
        with:
          tag: {{#$}} needs.setup.outputs.tag {{/$}}
          fileName: "*.tgz"
          out-file-path: ./dist
      - name: Publish
        shell: bash
        env:
          NODE_AUTH_TOKEN: {{#$}} secrets.NPM_TOKEN {{/$}}
        run: |
          for p in ./dist/*.tgz ; do
            npm publish --access public $p
          done
